VLAN 570 is allowed properly allowed on those links. I am still confused why N7K-1 switch choosing root path cast as 3, where direct link is having path cost of 2.
Please suggest if I am missing anything 

The key issue identified is that one Nexus 7K is selecting the vPC peer-link (Po1) as the root port instead of its direct uplink (Eth3/3), while the other Nexus 7K correctly selects its direct uplink (Eth8/2) as the root port. This creates an asymmetric STP topology, which can lead to suboptimal traffic forwarding. The root cause appears to be an unexpected path cost calculation, where Eth3/3 has a slightly higher cost (128.1027) than the vPC peer-link (128.4096). Normally, the direct uplink should have a lower cost than the vPC peer-link, ensuring proper STP behavior.

To fix this, first, manually adjust the spanning-tree cost on Eth3/3 to be lower than Po1 using spanning-tree cost 10 on the first N7K. This forces STP to prefer Eth3/3 as the root port. Additionally, verify the vPC peer-switch configuration by running show vpc. If peer-switch is not enabled, configure it on both N7Ks to synchronize STP behavior using vpc domain <domain-id> followed by peer-switch. This prevents one switch from choosing the peer-link as the root port while the other correctly selects the direct uplink.

Note: The vPC Peer Switch enhancement is only supported on a vPC domain which contains the root for all VLANs.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217274-understand-virtual-port-channel-vpc-en.html#toc-hId-770794586

Either remove peer-switch, or move root to VPC pair. One more option - configure uplink to C9K-2 as VPC.

@Pavel Tarakanov 
Thanks, I understand your point
Will peer-link always be forwarding state on spanning tree vlan ?

In some corner cases it could go to blocking state, but it's not a normal way of operation. During design and operation it's better to think about this link as always forward.