Hello, at what scope are you trying to create the Export?
If it's at MCA Billing Account scope, Reader/Contributor/Owner role is sufficient for service principle. If it's at sub scope, you should have Owner/Contributor role on the sub. In addition to that, you should have Owner role (if there's firewall turned on) or Contributor role (without firewall on the storage account which is used in the Export.
If are getting authorization errors despite having these permissions, then please raise a support ticket.