Export of RSA falls under the same U.S. laws as all other cryptographic
products. See Question 3.1.6 for details.
RSA used for authentication is more easily exported than when used for
privacy. In the former case, export is allowed regardless of key
(modulus) size, although the exporter must demonstrate that the product
cannot be easily converted to use for encryption. In the case of RSA
used for privacy (encryption), the U.S. government generally does not
allow export if the key size exceeds 512 bits. Export policy is
currently a subject of debate, and the export status of RSA may well
change in the next year or two.
Regardless of U.S. export policy, RSA is available abroad in non-U.S. products.