@CodesInChaos was right, it was an endianness problem.
I have used a function "OS2IP" taken from here. Just used it to generate the BigInteger from the byte array.
Dim P As Numerics.BigInteger = cripto.OS2IP(Convert.FromBase64String("gbb1FjTyN ... hs="), false)
Then I had to reverse the generated byte array:
Dim ResultBytes As Byte() = cripto.RSA_Decrypt(P, Q, D, Data).Reverse.ToArray
And the function that corrects the endianness:
''' <summary>
''' Converts a byte array to a non-negative integer.
''' </summary>
''' <param name="data">The number in the form of a byte array.</param>
''' <param name="isLittleEndian">Endianness of the byte array.</param>
''' <returns>An non-negative integer from the byte array of the specified endianness.</returns>
Public Shared Function OS2IP(data As Byte(), isLittleEndian As Boolean) As Numerics.BigInteger
Dim bi As Numerics.BigInteger = 0
If isLittleEndian Then
For i As Integer = 0 To data.Length - 1
bi += Numerics.BigInteger.Pow(256, i) * data(i)
Next
Else
For i As Integer = 1 To data.Length
bi += Numerics.BigInteger.Pow(256, i - 1) * data(data.Length - i)
Next
End If
Return bi
End Function
With that change, the result is now correct. Now I will look at the timing-attack issue :)