1) What are the verifications performed?
The reader verifies that the digital signature has been issued by a trusted authority (more precisely, that the signer's digital certificate in its hierarchy tree has at least one certificate that is already trusted by the Adobe Reader.
Secondly, it verifies that the Signer's certificate has not been revoked. This usually requires the internet. The list of revoked certificates (Called Certificate Revocation List - CRL) is available at a URL embedded within the Digital Signature, and the Reader tries to access that URL to ensure that the Signer's certificate is not in the CRL. Acrobat Readers often store these CRLs in their cache, in which case a connection to the URL may not be made.
2) What are the URLs that need to be accessible to the Acrobat Reader so that the Green tick appears?
These URLs are found in the Signer Certificate Details under the three headings shown below.
The above details have to be checked for URLs for each of the certificates in the tree.