Cannot externally access the OpenShift 4.2 built-in docker registry

I have a kubeadmin account for OpenShift 4.2 and am able to successfully login via oc login -u kubeadmin.

I exposed the built-in docker registry through DefaultRoute as documented in https://docs.openshift.com/container-platform/4.2/registry/securing-exposing-registry.html

My docker client runs on macOS and is configured to trust the default self-signed certificate of the registry

openssl s_client -showcerts -connect $(oc registry info) </dev/null 2>/dev/null|openssl x509 -outform PEM > tls.pem
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain tls.pem

Now when I try logging into the built-in registry, I get the following error

docker login $(oc registry info) -u $(oc whoami) -p $(oc whoami -t)
Error response from daemon: Get https://my-openshift-registry.com/v2/: unauthorized: authentication required

The registry logs report the following errors

error authorizing context: authorization header required
invalid token: Unauthorized

And more specifically

oc logs -f -n openshift-image-registry deployments/image-registry
time="2019-11-29T18:03:25.581914855Z" level=warning msg="error authorizing context: authorization header required" go.version=go1.11.13 http.request.host=my-openshift-registry.com http.request.id=aa41909a-4aa0-42a5-9568-91aa77c7f7ab http.request.method=GET http.request.remoteaddr=10.16.7.10 http.request.uri=/v2/ http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.9.184-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(darwin\\))"
time="2019-11-29T18:03:25.581958296Z" level=info msg=response go.version=go1.11.13 http.request.host=my-openshift-registry.com http.request.id=d2216e3a-0e12-4e77-b3cb-fd47b6f9a804 http.request.method=GET http.request.remoteaddr=10.16.7.10 http.request.uri=/v2/ http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.9.184-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(darwin\\))" http.response.contenttype="application/json; charset=utf-8" http.response.duration="923.654µs" http.response.status=401 http.response.written=87
time="2019-11-29T18:03:26.187770058Z" level=error msg="invalid token: Unauthorized" go.version=go1.11.13 http.request.host=my-openshift-registry.com http.request.id=638fc003-1d4a-433c-950e-f9eb9d5328c4 http.request.method=GET http.request.remoteaddr=10.16.7.10 http.request.uri="/openshift/token?account=kube%3Aadmin&client_id=docker&offline_token=true" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.9.184-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(darwin\\))"
time="2019-11-29T18:03:26.187818779Z" level=info msg=response go.version=go1.11.13 http.request.host=my-openshift-registry.com http.request.id=5486d94a-f756-401b-859d-0676e2a28465 http.request.method=GET http.request.remoteaddr=10.16.7.10 http.request.uri="/openshift/token?account=kube%3Aadmin&client_id=docker&offline_token=true" http.request.useragent="docker/19.03.5 go/go1.12.12 git-commit/633a0ea kernel/4.9.184-linuxkit os/linux arch/amd64 UpstreamClient(Docker-Client/19.03.5 \\(darwin\\))" http.response.contenttype=application/json http.response.duration=6.97799ms http.response.status=401 http.response.written=0

My oc client is

oc version
Client Version: version.Info{Major:"4", Minor:"1+", GitVersion:"v4.1.0+b4261e0", GitCommit:"b4261e07ed", GitTreeState:"clean", BuildDate:"2019-07-06T03:16:01Z", GoVersion:"go1.12.6", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.6+2e5ed54", GitCommit:"2e5ed54", GitTreeState:"clean", BuildDate:"2019-10-10T22:04:13Z", GoVersion:"go1.12.8", Compiler:"gc", Platform:"linux/amd64"}

My docker info is

docker info
Client:
Debug Mode: false

Server:
Containers: 7
Running: 0
Paused: 0
Stopped: 7
Images: 179
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.184-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 5.818GiB
Name: docker-desktop
ID: JRNE:4IBW:MUMK:CGKT:SMWT:27MW:D6OO:YFE5:3KVX:AEWI:QC7M:IBN4
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 29
Goroutines: 44
System Time: 2019-11-29T21:12:21.3565037Z
EventsListeners: 2
HTTP Proxy: gateway.docker.internal:3128
HTTPS Proxy: gateway.docker.internal:3129
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

I have tried adding the registry-viewer role to kubeadmin, but this did not make any difference

oc policy add-role-to-user registry-viewer kubeadmin
oc policy add-role-to-user registry-viewer kube:admin

Is there any suggestion as to what I could try or how to diagnose the problem further? I am able to access the registry from within the cluster, however, I need to access it externally through docker login.