The standard .NET way of doing it is:
SignedCms cms = new SignedCms(new ContentInfo(data), true);
cms.Decode(signature);
cms.CheckHash();
cms.CheckSignature(true);
However, .NET SignedCms is very limited, .e.g it cannot verify RSA-PSS signatures, that is why it is better to use the bouncy castle variant
CmsSignedData cmsSignedData = new (new CmsProcessableByteArray(data), signature);
SignerInformation signerInformation = cmsSignedData.GetSignerInfos().GetSigners()
.OfType<SignerInformation>().FirstOrDefault();
bool isValid = signerInformation.Verify(DotNetUtilities.FromX509Certificate(certificate));