The 'show rights' command will display a list of all of the roles. Next to each role name is an ACL List which is just a listing of all of the policies assigned to each role.
'show rights <rolename>' will display the specified role, the policies assigned to it, and the rules assigned to each policy. I believe it is the only place you can see the whole picture; role - policies assigned to the role - rules assigned to each policy.
'show datapath acl id <id#>' display the line by line interpretation of the role. This output converts any aliases to their definition. If a single firewall rule references a netdestination alias that contains 4 hosts, this output shows 4 rules, one for each netdestination alias. This is the hardcore presentation of how the controller processes the firewall rules. The <id#> can be found from either of the previous commands i mentioned. You will need to go to the CLI reference guide and do some digging to understand how to interpret this output.
This doesn't give you exactly what you were looking for as far as exporting the roles, but it may help. A simple copy from the CLI will allow you paste any of these elsewhere.
I hope this helps,