Does the packet go directly to my ISP or to the VPN server? Can someone hacking in at the ISP level unravel this and find out where it’s on going destination is? Can an ISP decode it?
The packet still has to go through the ISP, because the packet still goes out the modem that's connected to the ISP's physical network. The next hop out of the ISP should be the VPN, so there's that. As far as someone snooping your traffic, it's encrypted, so unless someone knows both the encryption key and the encryption method, they can't decode it. In addition, if you're visiting a website that uses HTTPS, traffic between you and the site is encrypted on top of that. So even if the eavesdropper was able to decrypt the internet packet, they'd have to decrypt the actual data packet.
I believe also the encryption keys are negotiated ahead of time between your computer and the server on the initial connection (whatever that may be), and the keys are randomized.
Can I add to this emails as they work differently.
Internet traffic is internet traffic, regardless of what the data contains.
Here in the UK you hear of police investigating Muslim terrorists. They can find out all the websites they look at and any extremist material as well.
Some VPNs keep a log of where their users are going to. These should be avoided if privacy is your thing. Lots are compelled by their local government to do tracking if they ask for it.
And also, there are ways to find this information via cyber sting operations or whatnot. Like the incident in Australia where their local federal law enforcement managed to convince gangs to buy "private" phones, going so far as to setup a shell company and whatnot. Of course the kicker is these phones were bugged to heck to send or keep data as evidence.