Under tmp/deploy/licenses, we find a directory list of packages (including their corresponding licenses) and an image folder with a package and license manifest.

For the example reduced image provided before, image-small, we have the following:

tmp/deploy/licenses/image-small-initramfs-wandboard-<timestamp>/package.manifest 
base-files 
base-passwd 
busybox 
busybox-syslog 
busybox-udhcpc 
initscripts 
initscripts-functions 
libc6 
run-postinsts 
sysvinit 
sysvinit-inittab 
sysvinit-pidof 
update-alternatives-opkg 
update-rc.d 

And the corresponding tmp/deploy/licenses/image-small-initramfs-wandboard-<timestamp>/license.manifest file excerpt is as follows:

PACKAGE NAME: base-files                                                         
PACKAGE VERSION: 3.0.14                                                          
RECIPE NAME: base-files                                                          
LICENSE: GPLv2                                                                   
                                                                                 
PACKAGE NAME: base-files-lic                                                     
PACKAGE VERSION: 3.0.14                                                          
RECIPE NAME: base-files                                                          
LICENSE: GPLv2   

These files can be used to analyze all the different packages that form our root filesystem. We can also audit them to make sure we comply with the licenses when releasing our product to the public.